Proprietary Software and New FUD

Filed under
Security
  • Back to windows after twenty years

    See, the whole reason I thought Windows might be a suitable alternative for me was all the enthusiasm around Windows Linux Subsystem (WSL). Basically putting all the *nix tooling at your fingertips, like it is on OSX, in a way that doesn’t require crazy hoops.

    But it’s just not there. The first version of WSL is marred with terrible file-system performance, and I got to feel that right away, when I spent eons checking out a git repository via GitHub for Windows. A 10-second operation on OSX took 5-6 minutes on Windows.

    [...]

    Windows still clearly isn’t for me. And I wouldn’t recommend it to any of our developers at Basecamp. But I kinda do wish that more people actually do make the switch. Apple needs the competition. We need to feel like there are real alternatives that not only are technically possible, but a joy to use. We need Microsoft to keep improving, and having more frustrated Apple users cross over, point out the flaws, and iron out the kinks, well, that’s only going to help.

  • These Machines Can Put You in Jail. Don’t Trust Them.

    The machines are sensitive scientific instruments, and in many cases they haven’t been properly calibrated, yielding results that were at times 40 percent too high. Maintaining machines is up to police departments that sometimes have shoddy standards and lack expertise. In some cities, lab officials have used stale or home-brewed chemical solutions that warped results. In Massachusetts, officers used a machine with rats nesting inside.

    Technical experts have found serious programming mistakes in the machines’ software. States have picked devices that their own experts didn’t trust and have disabled safeguards meant to ensure the tests’ accuracy.

    The Times interviewed more than 100 lawyers, scientists, executives and police officers and reviewed tens of thousands of pages of court records, corporate filings, confidential emails and contracts. Together, they reveal the depth of a nationwide problem that has attracted only sporadic attention.

  • Uber’s Self-Driving Car Didn’t Know Pedestrians Could Jaywalk

    The software inside the Uber self-driving SUV that killed an Arizona woman last year was not designed to detect pedestrians outside of a crosswalk, according to new documents released as part of a federal investigation into the incident. That’s the most damning revelation offered up in a trove of new documents related to the crash, but other details indicate that, in a variety of ways, Uber’s self-driving car work failed to consider how humans actually operate.

  • Libarchive vulnerability can lead to code execution on Linux, FreeBSD, NetBSD [Ed: Very typical ZDNet FUD from Catalin Cimpanu, their drama queen hired from a lying site. To exploit the alleged bug one needs to run (and get) malicious files. But CBS tabloids with money from Microsoft don't let facts get in the way. Skip the headline and find "Exploitation scenarios include users who receive malicious files from attackers or local apps that use Libarchive's various components for file decompression."]
  • Former CIA Employee Who Allegedly Disclosed ‘Vault 7’ Files To WikiLeaks Challenges Espionage Act Charges

    Former CIA employee Josh Schulte, who is accused of leaking the “Vault 7” files to WikiLeaks, urged a federal court to rule the Espionage Act is unconstitutional. He also asked the court to dismiss the Espionage Act charges against him.

    The files Schulte allegedly released brought scrutiny to the CIA’s hacking arsenal, which targeted smartphones and computers. A program called “Weeping Angel,” that allowed the CIA to attack Samsung F8000 TVs and convert them into spying devices was exposed. They also showed how the CIA targeted Microsoft Windows, as well as Signal and WhatsApp users, with malware.

More on libarchive

  • Linux users warned to update libarchive to beat flaw [Ed: If users do not download malicious, dodgy files and then execute these, that might be fine. Same for macros in documents. It's not a major or critical issue.]

    The bug is identified as CVE-2019-18408, a high-priority ‘use-after-free’ bug when dealing with a failed archive.

    No real-world exploits have been detected but if one existed, it would attempt to use a malicious archive to induce a denial-of-service state or arbitrary code execution.

More in Tux Machines

today's howtos and proprietary software

  • Everything you need to know to become an expert Linux admin - TechRepublic

    IT professionals have to be life-long learners with quarterly goals for improving their skills to keep up with the industry, particularly when it comes to Linux. System administrators should be constantly looking for new ways to improve their skills for managing Linux servers and distributions.  This roundup of TechRepublic Premium resources, by Linux expert Jack Wallen, can help you fill the holes in your skills gap. There is advice for mastering the command line as well as selecting the best GUI tool. Maybe your challenge is managing users or permissions? Wallen has got you covered with that task, too. Sysadmins can use any one of these resources to get smarter about Linux and bring value to the IT team.

  • PAM Bypass: when null(is not)ok

    Someone enters an IRC support channel and proclaims their dovecot server has been hacked and a non-existing user sends spam email from their server. The initial reaction might be something along the lines of "Wat", with the following assumption that the user clearly did something wrong. Hosting email is difficult after all. I don’t quite recall how the rest of the support went, but it was solved and the root cause was not found. However, we keep on rolling! Then someone posts about a similar incident on r/archlinux. Now, if this happens twice something is amiss! Arch has had a few issues with PAM lately, thus it could be that there is a configuration issue. Johannes and I try to reproduce, but I don’t get far and Johannes keeps on working on the issue.

  • How to install Discord on Linux Mint 20 - YouTube

    In this video, we are looking at how to install Discord on Linux Mint 20.

  • How to install Discord Canary on a Chromebook

    Today we are looking at how to install Discord Canary, the Alpha Builds of Discord, on a Chromebook. Please follow the video/audio guide as a tutorial where we explain the process step by step and use the commands below.

  • Build your own ruler in the massive Crusader Kings III update out now | GamingOnLinux

    Paradox has released the big 1.2 update to Crusader Kings III, with it comes a fun new feature that lets you properly design your initial ruler. Since the release you've been able to step into the shoes of pre-set historical monarchs and leaders. Carrying their legacy on through the ages, and across the world. Now though, Paradox are giving us much more control over our game and our leader. You can now design them yourself with various options including appearance, age, ethnicity, sexual orientation, and more with the results sometimes looking quite amusing. You start by choosing a location, then the option to design your own will be available. Unlike how it was handled with Crusader Kings II, this is an entirely free feature added to the base game.

  • Vivaldi Web Browser Now Has a Built-in Email Client

    A fully-featured email client is the latest feature to be added to Vivaldi, the Chromium-based web browser. The bods beavering away on the wannabe web fave have added a native IMAP and POP3 email client to the app, as well as a RSS feed reader, and multi-account friendly calendar. Other recent feature additions have included a word processor and a built-in arcade game. Although Vivaldi Mail (as the feature is known) is currently of a ‘pre-Beta quality’ it is fully functional and works relatively well already. On paper Vivaldi Mail will work with most modern e-mail services via IMAP or POP. Alas, for now, this doesn’t include Google or Gmail accounts.

Programming Leftovers

  • A beginner's guide to developing with React | Opensource.com

    React is a JavaScript user interface (UI) library that was built and is maintained by Facebook. React helps JavaScript developers think logically and functionally about how they want to build a UI.

  • DOM Recording For Web Application Demos

    To show off the power of our Pernosco debugger, we wanted many short demo videos of the application interface. Regular videos are relatively heavyweight and lossy; we wanted something more like Asciinema, but for our Web application, not just a terminal. So we created DOMRec, a DOM recorder.

  • The 20 Best Kotlin Books for Beginner and Expert Developers

    Here you will find the top Kotlin books that will make it very interesting and almost effortless for you to learn Kotlin. Kotlin is a statically composed, universally useful programming language with type deduction. It is also a cross-platform language. Kotlin is intended to engage completely with Java, and Kotlin’s standard library’s JVM variant relies upon the Java Class Library. However, Kotlin’s type of derivation permits its syntax to be more compact and precise. Therefore, it has become quite crucial to learn Kotlin these days. But to learn it in the shortest number of days, a perfect set of Kotlin books is indecipherably important. Whether or not to pick Kotlin or Java for new advancement has been coming up a ton in the Android people group since the Google I/O declaration. The short answer is that Kotlin code is more secure and more succinct than Java code and that Kotlin and Java records can coincide in Android applications, so Kotlin isn’t just valuable for new applications but also for growing existing Java applications as well.

  • What the Error Handling Project Group is Working On

    The Rust community takes its error handling seriously. There’s already a strong culture in place for emphasizing helpful error handling and reporting, with multiple libraries each offering their own take (see Jane Lusby’s thorough survey of Rust error handling/reporting libraries). But there’s still room for improvement. The main focus of the group is carrying on error handling-related work that was in progress before the group's formation. To that end, we're working on systematically addressing error handling-related issues, as well as eliminating blockers that are holding up stalled RFCs. Our first few meetings saw us setting a number of short- and long-term goals. These goals fall into one of three themes: making the Error trait more universally accessible, improving error handling ergonomics, and authoring additional learning resources.

  • How to collect Rust source-based code coverage

    Source-based code coverage was recently introduced in Rust. It is more precise than the gcov-based coverage, with fewer workarounds needed. Its only drawback is that it makes the profiled program slower than with gcov-based coverage. In this post, I will show you a simple example on how to set up source-based coverage on a Rust project, and how to generate a report using grcov (in a readable format or in a JSON format which can be parsed to generate custom reports or upload results to Coveralls/Codecov).

Audiocasts/Shows/Videos: Feren OS, A First Look At Garuda Linux KDE "Dr4Gonized", and Trolling Linux

Free Software: Curl, DOSEMU2, SFC, BookStack and Hantro

  • Daniel Stenberg: The curl web infrastructure

    The purpose of the curl web site is to inform the world about what curl and libcurl are and provide as much information as possible about the project, the products and everything related to that. The web site has existed in some form for as long as the project has, but it has of course developed and changed over time.

  • DOSEMU2

    Since I have the original DOSEMU working, I'm not going to attempt to install DOSEMU2 at this time. (Especially as I'd have to build from source; precompiled packages for Debian are not provided.) But I'm glad to hear that someone has "forked" the DOSEMU project and is continuing maintenance and development, since the original DOSEMU seems to have been frozen in mid-2013.

  • Generous Match Challenge from Individual Conservancy Supporters for Annual Fundraiser

    We are pleased to launch our annual fundraiser today with a match challenge of $111,029. This match is extremely exciting (not only because it is a prime number for the second year but also) because the pledges come entirely from individuals (not companies!) who care deeply about software freedom. The bulk of this match challenge was provided by one very generous donor who prefers to remain anonymous. Their amount was augmented by six Conservancy Supporters (listed alphabetically) who came together to increase the match even more: Jeremy Allison, Kevin P. Fleming, Roan Kattouw, Jim McDonough, Allison Randal and Daniel Vetter. You'll be hearing more about why they joined this year's match donation in interviews on our blog in the coming weeks.

  • BookStack: Collaboratively Create and edit books with your team

    When writing or editing a complex project like a book collaboratively with a team, there are many problems that start from selecting the best tools. The main problem here is there are many tools to choose from and most of them require time to learn and set up for all team members. Many teams tend to use several tools at once, which may conflict with their workflow and take time to jump from here to there with notes, revisions and content. The best option is to keep the collaborative writing and editing workflow in one place to manage book sections, comments, revisions, images, sorting, search and exports. Wiki engines and collaborative writing tools usually require customization for book editing. Also, it's good to consider the technical knowledge of writers and editors and the time needed to learn how to use the system.

  • Hantro H1 hardware accelerated video encoding support in mainline Linux

    With the increasing need for video encoding, there are some breakthrough developments in hardware-accelerated video encoding for Linux. Bootlin has been working on the implementation of Hantro H1 hardware accelerated video encoding to support H.264 encoding on Linux which follows the company’s work on the previously-released open-source VPU driver for Allwinner processors.